docs: purge stale fabb3421 narrative — Mail.Send already lives in the 365 app suite

Mail.Send is NOT an open decision or a 'blocked' item: the Exchange Operator
tier (b43e7342) already holds Graph Mail.Send + Mail.ReadWrite +
MailboxSettings.ReadWrite (the suite's IR victim-notification mail path).
/mailbox (ACG own-mail) separately uses the dedicated ComputerGuru Mailbox app
1873b1b0. The deleted fabb3421/Claude-MSP-Access app is now referenced only as
DELETED/do-not-use across all live surfaces.

Corrected: remediation-tool gotchas.md (removed 'suite has no mail scopes /
mailbox BLOCKED / decision-not-executed'), commands/mailbox.md (header +
Attribution no longer name the deleted app as active), feedback memory
(promoted 'suite has Mail.Send — settled' to a headline), breach-report
template, .grok mirrors, credentials.md, CATALOG_SHARED_DATA.md, and wiki
(internal-infrastructure, glaztech, dataforth). Removed dead plaintext secret
for the deleted app from CATALOG_SHARED_DATA.md.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-21 09:46:54 -07:00
parent 6897e515c9
commit f55b8d2556
12 changed files with 35 additions and 58 deletions

View File

@@ -460,43 +460,10 @@ curl -s "https://cippcanvb.azurewebsites.net/api/ListLicenses?TenantFilter=sonor
- **App ID:** d545a836-7118-44f6-8852-d9dd64fb7bb9
- **Status:** Authenticated but all endpoints returned 403
### Claude-MSP-Access (Multi-Tenant Graph API)
- **Service:** Direct Graph API access for M365 investigations
- **Tenant ID:** ce61461e-81a0-4c84-bb4a-7b354a9a356d
- **App ID (Client ID):** fabb3421-8b34-484b-bc17-e46de9703418
- **Client Secret:** ~QJ8Q~NyQSs4OcGqHZyPrA2CVnq9KBfKiimntbMO
- **Secret Expires:** 2026-12 (24 months)
- **Sign-in Audience:** Multi-tenant (any Entra ID org)
- **Purpose:** Direct Graph API access for M365 investigations and remediation
- **Admin Consent URL:** https://login.microsoftonline.com/common/adminconsent?client_id=fabb3421-8b34-484b-bc17-e46de9703418&redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient
- **Permissions:** User.ReadWrite.All, Directory.ReadWrite.All, Mail.ReadWrite, MailboxSettings.ReadWrite, AuditLog.Read.All, Application.ReadWrite.All, DelegatedPermissionGrant.ReadWrite.All, Group.ReadWrite.All, SecurityEvents.ReadWrite.All, AppRoleAssignment.ReadWrite.All, UserAuthenticationMethod.ReadWrite.All
- **Created:** 2025-12-29
- **Access Methods:** Graph API (OAuth 2.0)
#### Usage (Python)
```python
import requests
tenant_id = "CUSTOMER_TENANT_ID" # or use 'common' after consent
client_id = "fabb3421-8b34-484b-bc17-e46de9703418"
client_secret = "~QJ8Q~NyQSs4OcGqHZyPrA2CVnq9KBfKiimntbMO"
# Get token
token_resp = requests.post(
f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token",
data={
"client_id": client_id,
"client_secret": client_secret,
"scope": "https://graph.microsoft.com/.default",
"grant_type": "client_credentials"
}
)
access_token = token_resp.json()["access_token"]
# Query Graph API
headers = {"Authorization": f"Bearer {access_token}"}
users = requests.get("https://graph.microsoft.com/v1.0/users", headers=headers)
```
### Claude-MSP-Access (Multi-Tenant Graph API) — DELETED 2026-06-14, DO NOT USE
- **Status:** App `fabb3421-8b34-484b-bc17-e46de9703418` was DELETED from the azcomputerguru.com tenant on 2026-06-14. Every token request now returns **AADSTS700016**. The old client secret is dead (app gone). Do not reintroduce.
- **Replaced by:** the tiered **ComputerGuru remediation app suite** — Security Investigator `bfbc12a4`, Exchange Operator `b43e7342` (holds Graph **Mail.Send / Mail.ReadWrite / MailboxSettings.ReadWrite** — the suite's mail-send path), User Manager `64fac46b`, Tenant Admin `709e6eed`, Defender Add-on `dbf8ad1a`. Secrets in `msp-tools/computerguru-*.sops.yaml`. Acquire tokens via `bash .claude/skills/remediation-tool/scripts/get-token.sh <tenant-id> <tier>`.
- **ACG own-mail (`/mailbox`):** dedicated app `1873b1b0-3377-485c-a848-bae9b2f8f1f5`, vault `msp-tools/computerguru-mailbox.sops.yaml`.
---
@@ -875,7 +842,7 @@ curl http://172.16.3.20:3001/health
- **Web Applications:** 7 (Gitea, NPM, Cloudflare, CIPP, etc.)
- **Databases:** 5 (PostgreSQL x2, MariaDB x2, MySQL x1)
- **API Keys/Tokens:** 12 (Gitea, Cloudflare, WHM, Syncro, Autotask, CIPP, GuruRMM, etc.)
- **Microsoft Entra Apps:** 5 (GuruRMM SSO, Seafile Graph, Claude-MSP-Access, Dataforth Claude-Code, CIPP)
- **Microsoft Entra Apps:** GuruRMM SSO, Seafile Graph, ComputerGuru remediation suite (5 tiers) + Mailbox app, Dataforth Claude-Code, CIPP (the old Claude-MSP-Access single app was deleted 2026-06-14)
- **SSH Keys:** 3 (guru@wsl, azcomputerguru@local, gururmm-build-server)
- **Client Tenants:** 5 (MVAN, BG Builders, Dataforth, CW Concrete, Valley Wide Plastering, Khalsa)
- **Client Networks:** 4 (Dataforth, Valley Wide, Khalsa, Scileppi)